  • 4 commits
  • 5 files changed
  • 0 commit comments
  • 1 contributor
Commits on Mar 22, 2011
wilhelm bierbaum iterate over correct object c2a38cb
wilhelm bierbaum Merge remote branch 'origin/master' into ssl_track_cipher
Conflicts:
	finagle-core/src/main/scala/com/twitter/finagle/builder/ServerBuilder.scala
7bd0097
wilhelm bierbaum pass SSL cipher through as a header 39f3f05
Commits on Mar 24, 2011
wilhelm bierbaum merge 5c0ce98
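--- a/finagle-core/src/main/scala/com/twitter/finagle/builder/Http.scala
+++ b/finagle-core/src/main/scala/com/twitter/finagle/builder/Http.scala
@@ -38,6 +38,7 @@ class Http(compressionLevel: Int = 0) extends Codec[HttpRequest, HttpResponse] {
 // Response to Expect: Continue
 pipeline.addLast("respondToExpectContinue", new RespondToExpectContinue)
 pipeline.addLast("httpDechunker", new HttpChunkAggregator(10<<20))
+ pipeline.addLast("annotateCipher", new AnnotateCipher)
 pipeline.addLast(
 "connectionLifecycleManager",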
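--- a/finagle-core/src/main/scala/com/twitter/finagle/builder/ServerBuilder.scala
+++ b/finagle-core/src/main/scala/com/twitter/finagle/builder/ServerBuilder.scala
@@ -6,6 +6,7 @@ import scala.collection.JavaConversions._
 import java.util.concurrent.Executors
 import java.util.logging.Logger
 import java.net.SocketAddress
+import javax.net.ssl.{SSLContext, SSLEngine}
 import org.jboss.netty.bootstrap.ServerBootstrap
 import org.jboss.netty.channel._
@@ -62,7 +63,7 @@ final case class ServerConfig[Req, Rep](
 private val _recvBufferSize: Option[Int] = None,
 private val _bindTo: Option[SocketAddress] = None,
 private val _logger: Option[Logger] = None,
- private val _tls: Option[(String, String)] = None,
+ private val _tls: Option[SSLContext] = None,
 private val _startTls: Boolean = false,
 private val _channelFactory: ReferenceCountedChannelFactory = ServerBuilder.defaultChannelFactory,
 private val _maxConcurrentRequests: Option[Int] = None,
@@ -176,7 +177,7 @@ class ServerBuilder[Req, Rep](val config: ServerConfig[Req, Rep]) {
 copy(config.copy(_logger = Some(logger)))
 def tls(certificatePath: String, keyPath: String) =
- copy(config.copy(_tls = Some((certificatePath, keyPath))))
+ copy(config.copy(_tls = Some(Ssl.server(certificatePath, keyPath))))
 def startTls(value: Boolean) =
 copy(config.copy(_startTls = true))
@@ -293,12 +294,14 @@ class ServerBuilder[Req, Rep](val config: ServerConfig[Req, Rep]) {
 }
 // SSL comes first so that ChannelSnooper gets plaintext
- config.tls foreach { case (certificatePath, keyPath) =>
- val sslEngine = Ssl.server(certificatePath, keyPath).createSSLEngine()
+ var sslEngine: SSLEngine = null
+ _tls foreach { ctx: SSLContext =>
+ sslEngine = ctx.createSSLEngine()
 sslEngine.setUseClientMode(false)
 sslEngine.setEnableSessionCreation(true)
- pipeline.addFirst("ssl", new SslHandler(sslEngine, config.startTls))
+ pipeline.addFirst("sslCipherAttribution", new SslCipherAttributionHandler(sslEngine))
+ pipeline.addFirst("ssl", new SslHandler(sslEngine, _startTls))
 }
 // Serialization keeps the codecs honest.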
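Review bot: `startTls(value: Boolean)` (a context line in the third hunk) ignores its argument and always stores `_startTls = true`, and that flag is now passed straight into `new SslHandler(sslEngine, _startTls)` in the last hunk, so a caller writing `.startTls(false)` still gets a handler in STARTTLS mode. In Netty 3 that flag means the first write on the channel is not encrypted, so the builder should honour the argument: `copy(config.copy(_startTls = value))`. Separately, `var sslEngine: SSLEngine = null` is only assigned inside the `foreach` as far as the hunk shows; `val sslEngine = ctx.createSSLEngine()` inside the closure would avoid the nullable var, unless code outside the hunk reads it later. Both enclosing definitions continue outside the visible hunks.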
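--- a/finagle-core/src/main/scala/com/twitter/finagle/builder/Ssl.scala
+++ b/finagle-core/src/main/scala/com/twitter/finagle/builder/Ssl.scala
@@ -9,6 +9,9 @@ import java.security.spec._
 import javax.net.ssl._
 import java.util.Random
+import org.jboss.netty.channel.{Channel, ChannelLocal, ChannelHandlerContext,
+ MessageEvent, SimpleChannelHandler}
+
 import scala.collection.mutable.ArrayBuffer
 import scala.collection.JavaConversions._
 import scala.util.control.Breaks._
@@ -20,6 +23,32 @@ case class SslServerConfiguration(
 val certificatePath: String,
 val keyPath: String)
+object SslCipherAttribution extends ChannelLocal[String] {
+
+ /**
+ * Set the cipher suite attribution for the given Channel to the current cipher
+ * in use in the specified SSLEngine.
+ *
+ * Fails silently if either is null.
+ */
+ def apply(channel: Channel, sslEngine: SSLEngine) {
+ if (channel != null && sslEngine != null)
+ set(channel, sslEngine.getSession.getCipherSuite)
+ }
+
+ def apply(channel: Channel) =
+ get(channel)
+
+ override protected def initialValue(channel: Channel): String = "plaintext"
+}
+
+class SslCipherAttributionHandler(sslEngine: SSLEngine) extends SimpleChannelHandler {
+ override def messageReceived(ctx: ChannelHandlerContext, e: MessageEvent) {
+ SslCipherAttribution(ctx.getChannel, sslEngine)
+ super.messageReceived(ctx, e)
+ }
+}
+
 /**
 * Creates KeyManagers for PEM files.
 */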
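Review bot: `SslCipherAttribution.apply(channel, sslEngine)` records whatever `sslEngine.getSession.getCipherSuite` returns on every inbound message without checking that a handshake has completed. JSSE reports `SSL_NULL_WITH_NULL_NULL` for a session that has not finished handshaking, and that string would then replace the `"plaintext"` default and reach consumers as if a cipher had been negotiated. Whether a message can reach `SslCipherAttributionHandler` before the handshake finishes depends on SslHandler behaviour not shown here, but the guard is cheap: read the suite into a local and call `set` only when it is not `"SSL_NULL_WITH_NULL_NULL"`. The one-argument `apply(channel)` should also get an explicit `: String` return type and a Scaladoc line saying it yields `"plaintext"` when nothing was recorded, since callers are likely to key decisions on that value.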
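--- a/finagle-core/src/main/scala/com/twitter/finagle/http/AnnotateCipher.scala
+++ b/finagle-core/src/main/scala/com/twitter/finagle/http/AnnotateCipher.scala
@@ -0,0 +1,23 @@
+package com.twitter.finagle.http
+
+import com.twitter.finagle.builder.SslCipherAttribution
+
+import org.jboss.netty.channel.{Channel, ChannelHandler, ChannelHandlerContext, MessageEvent,
+ SimpleChannelHandler}
+import org.jboss.netty.handler.codec.http.{HttpRequest, HttpResponse}
+
+/**
+ * Extract the cipher from the SslCipherAttribution ChannelLocal variable and
+ * set it as a header on the HTTP request befor sending it upstream.
+ */
+class AnnotateCipher extends SimpleChannelHandler {
+ override def messageReceived(ctx: ChannelHandlerContext, e: MessageEvent) {
+ if (e.getMessage.isInstanceOf[HttpRequest]) {
+ val req = e.getMessage.asInstanceOf[HttpRequest]
+ val cipher = SslCipherAttribution(ctx.getChannel)
+ req.setHeader("X-Transport-Cipher", cipher)
+ }
+
+ super.messageReceived(ctx, e)
+ }
+}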
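Review bot: The `X-Transport-Cipher` header written in `messageReceived` is a server-asserted fact about the transport, so the code should state that `setHeader` is used deliberately to replace any value the client sent; a later change to `addHeader` would leave a client-supplied value sitting alongside the real one. I would add a comment above that line such as `// setHeader replaces any client-supplied X-Transport-Cipher; do not switch to addHeader`. As a style point, the `isInstanceOf`/`asInstanceOf` pair reads better as a pattern match, `e.getMessage match { case req: HttpRequest => req.setHeader("X-Transport-Cipher", SslCipherAttribution(ctx.getChannel)); case _ => }`. The imports `Channel`, `ChannelHandler` and `HttpResponse` appear unused in this file, and the Scaladoc has the typo "befor".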
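--- a/finagle-core/src/main/scala/com/twitter/finagle/http/Codec.scala
+++ b/finagle-core/src/main/scala/com/twitter/finagle/http/Codec.scala
@@ -58,6 +58,8 @@ case class Http(
 "httpDechunker",
 new HttpChunkAggregator(_maxRequestSize.inBytes.toInt))
+ pipeline.addLast("annotateCipher", new AnnotateCipher)
+
 pipeline.addLast(
 "connectionLifecycleManager",
 new ServerConnectionManager)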
